Lucene search
Michael DePlante (@izobashi) of Trend Micro's Zero Day InitiativeZDI-22-1132HistoryAug 23, 2022 - 12:00 a.m.
Measuresoft ScadaPro Client Link Following Denial-of-Service Vulnerability
2022-08-2300:00:00
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
9
measuresoft
scadapro client
denial-of-service
vulnerability
local attackers
low-privileged code
symbolic link
installer
file
exploit
0.001 Low
EPSS
Percentile
26.8%
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Measuresoft ScadaPro Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ScadaPro Client installer. By creating a symbolic link, an attacker can abuse the installer to create a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
cve
cve
CVE-2022-2898
2022-08-31 21:15:08
nvd
nvd
CVE-2022-2898
2022-08-31 21:15:08
zdi
zdi
Measuresoft ScadaPro Server Link Following Denial-of-Service Vulnerability
2022-08-23 00:00:00
prion
prion
Race condition
2022-08-31 21:15:00
cvelist
cvelist
CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following
2022-08-23 00:00:00
ics
ics
Measuresoft ScadaPro Server and Client
2022-08-23 12:00:00